Senior GRC Analyst

About Workato Workato delivers enterprise infrastructure for the agentic era, redefining iPaaS and helping enterprises unify data, applications, processes, and AI into a single, governed platform. A leader in Enterprise MCP and trusted by 50% of the Fortune 500, Workato’s cloud-native architecture connects every application, data source, and process to power real-time orchestration at scale. With enterprise-grade security and continuous innovation at its core, Workato provides the trusted foundation for organizations to automate with confidence and operationalize AI across the business. To learn more, visit www.workato.com Why join us? Ultimately, Workato believes in fostering a flexible, trust-oriented culture that empowers everyone to take full ownership of their roles . We are driven by innovation and looking for team players who want to actively build our company. But, we also believe in balancing productivity with self-care . That’s why we offer all of our employees a vibrant and dynamic work environment along with a multitude of benefits they can enjoy inside and outside of their work lives. If this sounds right up your alley, please submit an application. We look forward to getting to know you! Also, feel free to check out why: Business Insider named us an “enterprise startup to bet your career on” Forbes’ Cloud 100 recognized us as one of the top 100 private cloud companies in the world Deloitte Tech Fast 500 ranked us as the 17th fastest growing tech company in the Bay Area, and 96th in North America Quartz ranked us the #1 best company for remote workers Responsibilities Workato is seeking a detail-oriented, driven, and technically experienced Senior GRC Analyst to strengthen and advance its security governance, risk, and compliance (GRC) program — with a primary focus on FedRAMP authorization and ongoing federal compliance operations. This role will lead FedRAMP readiness, authorization, and continuous monitoring activities in alignment with NIST 800-53 requirements, while also supporting broader compliance frameworks including ISO 27001, NIST 800-171, PCI-DSS, and IRAP. The ideal candidate will bring deep federal compliance expertise combined with strong analytical, communication, and problem-solving skills to evaluate controls, identify gaps, and drive improvements across security domains. In this role, y ou will also be responsible for: Leading FedRAMP authorization efforts — including System Security Plan (SSP) development, Security Assessment Report (SAR) review, Plan of Action Milestones (POAM) management, and preparation for Third Party Assessment Organization (3PAO) engagements Owning continuous monitoring (ConMon) activities in accordance with FedRAMP requirements, including monthly vulnerability scanning, incident reporting, and annual assessments Maintain and update FedRAMP authorization documentation, including SSP, CIS, CRM, and associated artifacts Lead internal and external audits for frameworks including FedRAMP (NIST 800-53), ISO 27001/27701, PCI-DSS, NIST 800-171, and IRAP Coordinate with process owners, control owners, 3PAOs, and federal agency stakeholders to ensure findings are tracked and remediated Conduct risk assessments, security audits, and third-party/vendor risk reviews with a focus on FedRAMP boundary and supply chain risk Review contracts to ensure security and compliance requirements — including FedRAMP flow-down clauses — are met Identify control gaps and recommend improvements to enhance the organization's federal security posture Communicate FedRAMP requirements, risks, and compliance status clearly to both technical and non-technical stakeholders, including federal agency customers Perform regular user access reviews aligned to least-privilege and FedRAMP AC control requirements Develop and track remediation plans for identified risks and POAM items Maintain and update the risk register with federal risk considerations Oversee vendor an ... (truncated, view full listing at source)